aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMartin André <m.andre@redhat.com>2017-06-13 15:35:16 +0200
committerMartin André <m.andre@redhat.com>2017-06-30 08:14:51 +0200
commitd53feb830bcbfa35722c0eac5937b5157628c827 (patch)
tree387b00884cfa64460fd4be4859d83dbd2c833623
parent1847a014232afa726d01b3f75f46eec7b5444a45 (diff)
Bind mount needed cert for haproxy
haproxy needs the deployed SSL cert file to function when TLS is enabled. It is also required for the docker-puppet haproxy container since the haproxy puppet module uses a validate_cmd to check the generated config file is valid that fails when the required SSL cert is not present. There is no clean way to disable this feature [1] so we need to bind mount the cert into the container. [1] https://github.com/puppetlabs/puppetlabs-haproxy/blob/4753ea5b2506ee093e9b4c8af6e91201d476d426/manifests/config.pp#L53-L57 Change-Id: Id2df144b678769def204961236624091d4e5c457
-rw-r--r--docker/services/haproxy.yaml12
1 files changed, 12 insertions, 0 deletions
diff --git a/docker/services/haproxy.yaml b/docker/services/haproxy.yaml
index 242f0751..5831fe89 100644
--- a/docker/services/haproxy.yaml
+++ b/docker/services/haproxy.yaml
@@ -42,6 +42,11 @@ parameters:
default: /dev/log
description: Syslog address where HAproxy will send its log
type: string
+ DeployedSSLCertificatePath:
+ default: '/etc/pki/tls/private/overcloud_endpoint.pem'
+ description: >
+ The filepath of the certificate as it will be stored in the controller.
+ type: string
RedisPassword:
description: The password for Redis
type: string
@@ -93,6 +98,12 @@ outputs:
list_join:
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerHAProxyConfigImage} ]
+ volumes: &deployed_cert_mount
+ - list_join:
+ - ':'
+ - - {get_param: DeployedSSLCertificatePath}
+ - {get_param: DeployedSSLCertificatePath}
+ - 'ro'
kolla_config:
/var/lib/kolla/config_files/haproxy.json:
command: haproxy -f /etc/haproxy/haproxy.cfg
@@ -109,6 +120,7 @@ outputs:
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
+ - *deployed_cert_mount
-
- /var/lib/kolla/config_files/haproxy.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/haproxy/etc/:/etc/:ro